Fintech’s initial focus on disrupting conventional banks has given way to a more conciliatory approach but, as The In-House Lawyer hears from the sector’s senior counsel, a new flashpoint could be on the horizon

‘When fintech became a big thing the narrative was all about the banks being disrupted and the threat to their business model,’ says Martin Cook, UK general counsel at Funding Circle, one of the world’s most successful peer-to-peer lenders. ‘There has since been a shift toward what might be called “fintech 2.0”, with a less aggressive conversation on both sides. The business model has matured toward delivering a better service to the customer rather than simply beating the banks.’

Photo: Antonio Quintano

There are good reasons for the change in mood. Disintermediating banks looks great in theory, but most successful fintechs have grown by working with the incumbents. About a quarter of all peer-to-peer platform lending now involves institutional capital. The increased institutional interest in the sector is attracting law firms, with the Magic Circle paying assiduous attention to the emerging client-base. Slaughter and May recently launched its Fintech Fast Forward programme, which offers financial and legal support to promising UK start-ups in the sector.

In its first round of awards, Slaughters selected five companies: regulatory compliance software developer Enforcd, rapid account set-up challenger bank Tide, cyber security developer Garrison, car insurance provider Just Miles and remittances platform WorldRemit. Ben Kingsley, a member of Slaughtersʹ global investigations group and part of the consultative panel to the programme, says it will help the City leader better understand the sector. ‘Fintech only really entered the legal vernacular in the last couple of years and we are becoming increasingly cognisant as a firm that we have to go out there and find the people who are really pushing the envelope when it comes to technology. These businesses operate in a completely different way and we need to do as much as possible to understand how their world works.’

Slaughters’ initiative was launched after similar schemes from Simmons & Simmons and Addleshaw Goddard, while Freshfields Bruckhaus Deringer has just unveiled a scheme to get its associates to pitch to clients in the sector.

The global fintech industry is clearly going somewhere. Estimates of market size vary hugely, but it is commonly accepted that the sector tripled in 2014 before doubling again in 2015. That growth (some see a bubble) is already correcting – global investment in fintech fell almost 50% to $24.7bn in 2016 – but the industry continues to perform well and venture capitalists (VCs) are falling over themselves to invest in it. It is also one of the few industries in which the UK can claim a market-leading position. According to the UK government’s 2015 Blackett Review, fintechs employ over 135,000 people in the UK in a market estimated to be worth £6.6bn.

There has been a shift toward ‘fintech 2.0’. The business model has matured toward delivering a better service to the customer rather than simply beating the banks.Martin Cook – Funding Circle

The success enjoyed by UK players has, in part, resulted from a favourable regulatory environment. The Financial Conduct Authority has set up Project Innovate, described as a regulatory sandbox and dedicated advice unit, to help start-ups and other organisations test products aimed at the consumer market. But with the UK set to leave the European Union, its success in the increasingly competitive global fintech market will come under stress, particularly if financial passporting rights cease to apply. As a result, UK fintechs carrying out regulated financial activities are intensifying their efforts to establish European arms. In July 2016, Seedrs was granted an EU Financial Services Passport and opened a branch in Amsterdam, and according to members of The Disruptive GC Network (see page 44), which runs its own fintech Slack channel, responding to Brexit is among the most frequently discussed issues in the community.

Fintech’s initial focus on disruption may have been displaced, but there remains a degree of truth in the assumptions that supported such rhetoric. As one partner specialising in alternative finance comments: ‘Fintech projects at large banks take 12-18 months to get out of the committee room and only half of them ever see the light of day. That has convinced me that banks are not able to respond to the challenge these start-ups pose. Banks’ processes, size, sign-off and conflicts with clients means they cannot progress at speed.’ Several other partners noted that while their fintech practices had thrived on the start-up advisory side, they had struggled to gain traction with the banks.

Dean Nash, former head of legal overseeing Barclays’ internal fintech strategy, now GC at challenger bank Monzo, says the legacy systems banks operate with also present a barrier to innovation. ‘Most large banks have grown through acquisitions and, from an IT perspective, it’s like having 20 banks operating as one. Banks’ systems are not terrible, but there are so many interdependencies that they simply can’t produce code as quickly as fintechs.’ Indeed, according to figures from Deloitte, banks in Europe spent €55bn on information technology in 2014. Only €9bn of that was spent on new systems, with the balance used to bolt-on more systems or simply keep the old technology working.

Concerned at these nimble new competitors, banks are frequently monitoring the competition by setting up their own fintech incubators (basically sponsorship and support programmes for early-stage businesses) and dedicated investment arms. But, says Nash, learning from new providers will require a shift in mentality. ‘Every large bank is making a huge drive to partner with fintechs and there has been a move toward shorter, less onerous contracts but it’s a difficult balance for the banks to strike. It is all well and good inviting some coders to your offices to take part in a hackathon, but when a bank engages with a new supplier commercially it will still need to meet all the usual operational, technical and security standards. The banks do have a very rigid approach to dealing with counterparties, but you can’t blame them. Most of these start-ups don’t have any assets and if something goes wrong it’s the bank that will have to pay out.’

Caution aside, banks are acutely aware of the challenge that fintech poses. For each of a bank’s core retail services – deposits, loans, mortgages, and money transfer – there is a start-up looking to build its business model around doing it much faster and cheaper. The competition is also becoming increasingly financially sophisticated. For example, Adair Turner, or Lord Turner, former chair of the Financial Services Authority, is now a board member at the recently launched OakNorth, the first cloud-based bank in the UK. Challenger banks will face their own problems, however. Capital adequacy requirements mean they need to raise large sums each year to secure or maintain banking licences, and while fintechs may be better at dealing with Millennials and developing sexy front-end apps, the banks still retain many substantive advantages, from large customer bases to expertise in handling data securely.

For each of a bank’s core retail services there is a start-up looking to build its business model around doing it much faster and cheaper.

It is not just increased competition from start-ups that concerns the banks. From the incumbents’ perspective, the big story in fintech is the impact new regulations could have on their business. The EU’s Payment Services Directive 2 (PSD2), which seeks to create a single market for electronic payments, must be transposed into EU member states’ laws by 13 January 2018. The UK has said it is committed to implementing PSD2, though it has already developed its own piece of parallel legislation – the Open Banking Standard – which will also come into force in January 2018. The initiative is being supported by the Competition and Markets Authority (CMA), the UK’s primary competition watchdog, which has in recent years attempted to prod the financial services industry into giving consumers a better deal.

Marcus Ezekiel, GC of the Open Banking Implementation Entity, describes the initiative as the UK’s bid to ‘enable a digital economy through the delivery of a new retail banking service’ by providing the foundations for ‘a range of remedies set out in the CMA’s retail banking report to facilitate improved choice for customers by enabling greater transparency.’

While there are subtle but important differences between the two regulations, both PSD2 and Open Banking will compel the banks to open up their APIs (application program interfaces) – the piece of software that allows one piece of source code to work with another – to third parties. Essentially, the laws allow any regulated organisation to access customer account data from the institution which holds it. That might not sound like much, but the regulators believe it could reshape the industry.

Ceci n’est pas une dumb pipe?

One reason customers are so reluctant to switch current accounts is the difficulty involved in doing so. Once you can move your balance at the click of an app, so the regulators’ theory goes, people are much more likely to explore the competing products available. If a start-up is able to design a convenient, single point of contact app that allows customers to access all their accounts and transfer money between them seamlessly, the threat to the banks is that they are relegated to what the industry calls a ‘dumb pipe’, akin to an infrastructure provider that simply connects the various customer-facing offerings.

Nash comments: ‘The prospect of banks becoming dumb pipes is a dystopian view but it is not an impossible outcome of all this. Challenger banks don’t even need to convince people to trust them with ownership of their current accounts, they just need to take the customer engagement layer away from the banks. Current accounts only really exist as a sales hook for other products, and the banks’ hands are tied by their need to push their own products. It would be a brave bank that tells a customer the right product is that of a rival. That means challengers can quickly build a reputation for selling customers the right product.’

Even if the banks are not destined to become passive infrastructure, opening up their APIs will see armies of coders in a race against the clock to get back-end systems ready before January 2018. More ominously, it is still not clear what technical standards the European Banking Authority will require for PSD2’s implementation (the CMA, which compelled the nine largest current account providers in the UK to help develop the Open Banking Standard, has been far more successful in addressing this problem, but since banks will have to comply with both pieces of legislation anyway it is a moot point).

Working out how open APIs will mesh with the new General Data Protection Regulation (GDPR) will add a fresh layer of complexity. Slaughters’ Kingsley comments: ‘The laws don’t directly conflict but they do create tension when taken together. Once you open up systems containing sensitive data to third parties, one can then extrapolate other data. For example, you would know whether a person is making payments to healthcare providers and that might affect insurance risk premiums. It’s likely to be very complicated to get the balance right for lawyers.’ It could also be very costly if they get it wrong. At the moment the maximum penalty for a data breach in the UK is £500,000. Under GDPR it will be 4% of global GDP.

The prospect of banks becoming dumb pipes is a dystopian view but it is not an impossible outcome.Dean Nash – Monzo

Nash identifies a further problem. ‘GDPR introduces the concept of supply chain liability and makes both the data controller – the one who owns the data – and processor – the one who transmits it – liable for breach. In a simplified model one provider sends data to another, but in the real world there will be a continuous loop of data between the two. How regulators will define who the controller is and who the processor is in that situation remains to be seen. If one screws up, is the other on the hook for supply chain liability? It could be a minefield.’

While the regulators hope open APIs will allow instant data flow between banks and third parties, Jamie Whitcroft, GC of London-based seed-funder Passion Capital, thinks this may be too optimistic. ‘The question is whether banks will comply with the spirit of the law to promote competition or just follow the letter of law and make it difficult for challengers. From what I’ve heard in the industry it will be the latter. Banks will have to open their data but they will make it as hard as possible to access. It will be difficult for challengers to build a viable product on top of that legislation in the short term.

It might also be pointed out that, unlike fintechs, banks do not have particularly good API portfolios. As such, even challengers question whether opening APIs will increase competition. As Jenifer Swallow of TransferWise comments: ‘Improving the customer experience is a laudable ambition and one we place at the core of our business, but the whole open banking movement is a little constrained in terms of its focus. It pays so much attention to making the incumbents take action that it risks overlooking what actually matters to customers.’

Fintech 2.0 is here, but as Crowdcube GC Paul Massey adds, we should not get too comfortable with the idea of symbiosis. ‘The banks and fintechs may no longer be fighting each other, but if you look at the new regulations, technologies and customer habits coming down the line it is clear that the next five years will transform the way we think of finance.’

Disrupting finance: two GCs give their views on the fintech industry

Jenifer Swallow, TransferWise
‘Working in fintech is completely crazy and I would advise any lawyer thinking of taking the step to strap on their seatbelt and be prepared! I had a lot of experience before I joined TransferWise – I was in private practice for five years, I was at Yahoo! for five years, I was at Zynga pre and post-IPO, and I was at Mind Candy – but nothing prepares you for the intensity of the role. You need to be able to handle a huge workload at speed, you need to understand the wider environment the business operates in, and you need to be prepared do the simple stuff. You can’t go in thinking, “someone in the team will draft the NDAs”. In those first few months, you are the team! Figuring out what a legal department should look like in a fintech company is your next challenge as GC, and finding the right staff can be like looking for unicorns. You want someone with regulatory expertise who can also be deployed as a generalist and, crucially, fit in with the culture. As GC, you’re not looking for lawyers who have all the answers, you’re looking for lawyers who can handle the environment.

Finding the right staff can be like looking for unicorns.Jenifer Swallow – TransferWise

The big plus in joining a fast-growth company is that it lets you step away from the traditional GC role. Because you are so close to the business there are all sorts of opportunities to shape it. It also means your legal knowledge gets far more leverage over the business. For example, I’m much closer to the product engineers than I would be at a larger tech company, which means I can have them extract data or change a product in response to new regulation. That’s the joy of this structure – it’s the polar opposite of a bank. From my perspective as GC it’s fantastic to work within a business that is interested and engaged in legal and regulatory issues.’

Jamie Whitcroft, Passion Capital
‘I heard about the role at Passion Capital through Twitter. My boss jokes that it was the first test: you’re a lawyer and you’re on social media – it’s a good start if you want to work at this type of company. Passion invests in disruptive businesses but we are also disrupting the venture capital model with our business. Venture capital has a bad reputation in fintech. It is usually aggressive on terms and pushes hard on downside protection. Our approach is completely different – it’s much more founder-friendly. We go in light and are fair and transparent with our terms. If you don’t treat founders well then word gets out – people talk, they check social networks. Fintech is a small world. As GC I am predominantly advising Passion on its exposure, but I am also a resource for portfolio companies to call and ask questions. If you’re a start-up that doesn’t have the resource to employ a lawyer that can be a huge advantage.

The dynamics of the fintech sector are changing rapidly. There are huge sums of capital available for private investment and the stratospheric valuations are attracting hedge funds and asset managers more traditionally focused on public companies. Start-up management teams aren’t under as much pressure to IPO or sell – they can simply delay their exit through successive funding rounds. If private capital is always willing to fund you, the burdens of going public and disclosing everything seem unnecessary. What was once a five-to-ten-year path to exit is now more like a ten-to-15-year path. For a seed funder like Passion, that means we need to prepare for longer relationships. It is therefore important that we work well [with] founders and do everything we can to be a supportive, long-term partner.’

Spring 2017

Latest Features

Ah, despite the changing fashions, technology and economic realities of the day, in law you can always rely on that curious mix of mutual hypocrisy, miscommunication, mistrust and conflicting agendas between clients and law firms to endure.